package com.controller;

import com.entity.Users;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

/**
 * Demo endpoints under {@code /test} that exercise Spring Security's
 * method-security annotations ({@code @Secured}, {@code @PreAuthorize},
 * {@code @PostAuthorize}, {@code @PostFilter}).
 *
 * <p>These annotations are enforced only when method security is enabled in the
 * application's configuration, which is not part of this file. If it is not
 * enabled, every handler below is reachable by any caller the HTTP security
 * rules let through.
 */
@RestController
@RequestMapping("/test")
public class TestController {

    /**
     * Returns a fixed greeting.
     *
     * <p>No method-level authorization is declared here; access depends entirely
     * on the URL-based security rules configured elsewhere.
     *
     * @return the literal string {@code "hello"}
     */
    @GetMapping(value = "hello")
    public String hello(){
        return "hello";
    }

    /**
     * POST handler that writes a trace line to stdout and returns a fixed string.
     *
     * <p>No method-level authorization is declared here; access depends entirely
     * on the URL-based security rules configured elsewhere.
     *
     * @return the literal string {@code "hello index"}
     */
    @PostMapping(value = "index")
    public String index(){
        System.out.println("test index in");
        return "hello index";
    }

    /**
     * Handler restricted with {@code @Secured}; the caller needs one of the
     * listed authorities.
     *
     * @return the literal string {@code "hello app"}
     */
    // NOTE(review): "Role_app" does not use the same "ROLE_" prefix casing as
    // "ROLE_sale". Authority names are compared case-sensitively, so this entry
    // will not match an authority named "ROLE_app" - confirm which was intended.
    @Secured({"ROLE_sale","Role_app"})
    @GetMapping(value = "app")
    public String app(){
        return "hello app";
    }

    /**
     * Handler guarded by {@code @PreAuthorize}: the expression is evaluated
     * before the method body runs.
     *
     * <p>{@code hasAnyRole} adds the role prefix itself (by default
     * {@code ROLE_}), so the names here are written without it, unlike the
     * {@code @Secured} values above.
     *
     * @return the literal string {@code "preApp test"}
     */
    @PreAuthorize("hasAnyRole('sale1','admin')")
    @GetMapping("preApp")
    public String preApp(){
        return "preApp test";
    }

    /**
     * Handler guarded by {@code @PostAuthorize}: the expression is evaluated
     * after the method has returned.
     *
     * @return the literal string {@code "postApp test"}
     */
    // NOTE(review): because the check runs after the body, the println below
    // executes even for callers who are then denied. The expression does not
    // reference the return value, so @PreAuthorize would give the same decision
    // without running the body first. Any real side effect placed in a
    // @PostAuthorize method happens regardless of the outcome.
    @PostAuthorize("hasAnyRole('sale1','admin1')")
    @GetMapping("/postApp")
    public String postApp(){
        System.out.println("postApp in");
        return "postApp test";
    }

    /**
     * Demonstrates {@code @PostFilter}, which filters the returned collection.
     *
     * <p>Only elements whose {@code username} equals {@code 'admin'} are kept.
     * The {@code @PostAuthorize} check is also applied after the body has run.
     *
     * @return the list built by this method; after filtering, only the
     *         {@code admin} entry is expected to remain
     */
    // NOTE(review): the third constructor argument looks like a password (the
    // Users class is not shown - confirm). If so, the value is serialized into
    // the HTTP response for every element that survives the filter, and it is
    // written to stdout below if Users.toString() includes it. Prefer returning
    // a view/DTO without the credential field and not logging the entity.
    @PostFilter("filterObject.username=='admin'")
    @PostAuthorize("hasAnyRole('sale','admin1')")
    @GetMapping("/postApp2")
    public List<Users> postApp2(){
        // Keep this a mutable list: Spring Security's default @PostFilter
        // handling typically removes rejected elements from the returned
        // collection in place.
        List<Users> users = new ArrayList<>();
        users.add(new Users(11,"admin","admin123"));
        users.add(new Users(12,"sale","sale123"));
        // Printed before filtering, so both entries appear in the output.
        System.out.println(users);
        return users;
    }
}
